Visual hacking occurs when a thief steals confidential information, either by discreetly pointing a smart phone at a screen and taking pictures, or by memorizing what they see. It poses a significant risk to anyone handling sensitive personal and business documents.
In 2016, “white hat” visual hacker Ponemon conducted a visual hacking experiment. They visited 46 companies pretending to be temporary office workers, but really, they were scouting to steal information from desks and screens. The results were “eye-opening,” as one report put it — almost 91 per cent of the visual hack attempts were successful.
The good news is, there are clear and simple ways to protect an organization from visual hackers. Security has to start with a culture of security throughout an organization, as well as security awareness training for all employees. Here are five ways to keep your company secure:
1. Implement a clean desk policy. The policy directs employees to keep the workplace tidy and to be aware of confidential data that may be visible. If away from the desk even for a short time, lock important documents inside a desk or file cabinet and clear computer screens.
2. Move office furniture. Position desks so employees have control over who sees work area information. Position computer screens so no-one else can read them. Have a hot key that engages a screen saver when potentially prying eyes are observed. Train mobile workers to protect information when they are working remotely.
3. Use privacy filters. In the Ponemon experiment, 52 per cent of sensitive information was visually hacked from computer screens. Provide privacy filters that can be slipped on to computer monitors and mobile devices. Avoid accessing sensitive documents in public, especially on public wi-fi.
4. Set up a tips line. In 68 per cent of trials, the white hat hacker was not stopped by employees Ensure all employees are educated about behaviours of insider fraudsters and set up a tip line so employees can report suspicious visual hacking behavior.
5. Have a document shredding process. A document shredding policy will reduce the number of sensitive documents around the office. Partner with a reliable service provider like Shred-it and introduce a Shred-it All Policy, so employees securely destroy all documents that are no longer needed. Routine shredding helps keep the company compliant with privacy laws and shows employees how committed the organization is to information security.